I am looking for some guidance. I understand where I want to go, but I don’t have a clear understanding on how to get to that position. I honestly want a reverse engineering on the software side gig.

Right now, I’m at the Help desk level and been there for 2 yrs. What I want to do is transition from the HD to SW dev. I’m having a hard time getting technical interviews because I don’t have a college degree and I don’t have previous “professional” experience and I’m not being taken seriously because of my age I’m 19. Honestly, right now I cannot afford college. Is there anything I can do to transition from the HD to a more programming heavy position?

Once at the developer level and I become more senior. How would I get that prerequisite RE experience all employers are looking for? What are some good certs Like GREM that are good to go along with to give me a chance to receive interviews? I have not been able to find many certs for RE. Would any of the other sec cert be valuable to the skillset I need. Great website will post less and read more.

Your best chances to get into the reversing field is in the anti-malware industry. If you have already experience in reversing (can reverse/unpack/analyze common packers/crypters, know the PE structure, are familiar with standard tools like IDA Pro, Zynamics BinDiff, OllyDbg, etc.) it shouldn't be too hard to get at least a junior position, even without a degree.

I am with Joshsevo on the military. Unless you have some moral issue with it, but you can't knock the benefits you gain, especially in the field of InfoSec. A clearance alone will make you marketable. The government is hard up on finding talented individuals to work its Cyber Command posts.

College is also a major plus. If you can't afford it, see option 1.

Does your current employer have an Info Sec department/team? If so see if you can help them out. A lot of times we simply do some behavioral analysis of malware files but that might be the extent of it. The information you can gain from the reverse engineering is certainly more usefule since the filenames may change but the internal behavior may work the same. Understanding the what the malware is exploiting in the deep reaches of its code is invaluable.

I'm sorry, ive got to disagree on the military issue. I know from long time personal experience, CURRENTLY going IT in the military will give you the most basic of experience as a junior, and you will get out with plenty on paper, and not much else. Now I will grant that this is dependent on many factors, MOS, duty station, unit, ect. But take it from someone who's been there, you dont want your career at the behest of situations that you cant control.

That is not to say that the military is not a good option or that it doesnt produce good IT Pros. But IMO, the real good ones were pros before they came in, took advantage of opportunities and moved on.

If you want to consider the military, especially with an interest in IT Security, my best advice, A: join the AF with a guarantee for Cyber Surety. B: Wait until next year and Join the Army Reserve/NG. Ive seen numerous reservists working with government agencies leveraging both military and civilian experience in both military and civilian careers.

Study long and hard, and take the path that seems the most right for you, just keep in mind that having the right education is sometimes necessary for a lot of jobs. Getting experience, is also important, but if you're really good and you can prove it during a technical interview, then experience may not be as important for e.g., junior position jobs.

I don't work in infosec daily, but I am working on relocating to another country where I finally landed a job within infosec, and mostly, I've done a lot of voluntary (free) work, heldesk (2½ years in total), and of course an internship too So basically, at day I've had some random job and during the evening / night, research, study, and / or voluntary or freelance jobs

If you want to know how I began, here's how: http://pentestmag.com/the-story-of-maxe/&nbsp; I hope that you'll find out what your path is, and then work hard on getting there Just keep in mind, it's the struggle, not the destination that matters hehe

MaXe wrote:Study long and hard, and take the path that seems the most right for you, just keep in mind that having the right education is sometimes necessary for a lot of jobs. Getting experience, is also important, but if you're really good and you can prove it during a technical interview, then experience may not be as important for e.g., junior position jobs.

I don't work in infosec daily, but I am working on relocating to another country where I finally landed a job within infosec, and mostly, I've done a lot of voluntary (free) work, heldesk (2½ years in total), and of course an internship too So basically, at day I've had some random job and during the evening / night, research, study, and / or voluntary or freelance jobs

If you want to know how I began, here's how: http://pentestmag.com/the-story-of-maxe/&nbsp; I hope that you'll find out what your path is, and then work hard on getting there Just keep in mind, it's the struggle, not the destination that matters hehe

Cool history... I know you maXe that you are also cool.

Can you tell us that how you apply ? It is over online or locally etc. I am also trying to manage a visa for any country (UK,US,German, Australia etc)...

Choobie wrote:Right now, I’m at the Help desk level and been there for 2 yrs. What I want to do is transition from the HD to SW dev. I’m having a hard time getting technical interviews because I don’t have a college degree and I don’t have previous “professional” experience and I’m not being taken seriously because of my age I’m 19. Honestly, right now I cannot afford college. Is there anything I can do to transition from the HD to a more programming heavy position?

Once at the developer level and I become more senior. How would I get that prerequisite RE experience all employers are looking for?

I'm going to ignore the first paragraph and go from the right now. If you want to be a programmer, then program.

Getting experience as programmer is probably easier than other parts of IT.

First look at what languages you know. Look at what languages you want to learn. Lastly look at the languages that are popular, but don't forget the old stable ones always people looking for those.

From there, start finding itches you have that you want to scratch. Set a deadline and test the code. Make a website that you can host the code on as an opensource thing. Put something in there that you will recognize as yours. It's about building a portfolio. Use that to try and get on a larger open source project. Even if you have to join the project by saying you'll work on the Documentation. Which may actually be a good start to getting in to R.E. Or at least dealing with other people's code. There are dead projects out there that need to be picked up too.

After that, find some bugs, write test cases, submit. Repeat.

As for the certs, there are secure coding exams and certs out there that you can take. Look up SANS Secure Programming Assessment.

Last edited by rattis on Sun Jan 29, 2012 2:49 am, edited 1 time in total.